Access to private source code?
Have they already gotten so drunk on "zero trust" that they don't think it should matter if attackers see their source code? Then again, they are open-sourcing a ton of stuff these days...
Access to private source code?
Have they already gotten so drunk on "zero trust" that they don't think it should matter if attackers see their source code? Then again, they are open-sourcing a ton of stuff these days...
I think they just don't care.
Their SECURITY.md mentions bug bounties, yet if your submission has anything to do with GitHub it's immediately disqualified. They refuse to remove that (in my opinion) misleading language.
https://github.com/microsoft/.github/blob/main/SECURITY.md